1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# Copyright (C) 2017-2018 Red Hat, Inc. <http://www.redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
"""
Description: This contains the gluster volume auth allow and
reject operations
"""
from glusto.core import Glusto as g
from glustolibs.gluster.volume_ops import get_volume_options
def set_auth_allow(volname, server, auth_dict):
"""
Set authentication for volumes or sub directories as required
Args:
volname(str): The name of volume in which auth
has to be set
server(str): IP or hostname of one node
auth_dict(dict): key-value pair of dirs and clients list
Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
'/d3/subd1':['10.70.37.172','dhcp37-999.xyz.cdf.pqr.abc.com']}
If authentication has to set on entire volume, use 'all' as key.
auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
'all' refers to entire volume
Returns (bool):
True if all the auth set operation is success.
"""
auth_cmds = []
if not auth_dict:
g.log.error("Authentication details are not provided")
return False
# If authentication has to be set on sub-dirs, convert the key-value pair
# to gluster authentication set command format.
if 'all' not in auth_dict:
for key, value in auth_dict.iteritems():
auth_cmds.append("%s(%s)" % (key, "|".join(value)))
auth_cmd = ("gluster volume set %s auth.allow \"%s\""
% (volname, ",".join(auth_cmds)))
# When authentication has to be set on entire volume, convert the
# key-value pair to gluster authentication set command format
else:
auth_cmd = ("gluster volume set %s auth.allow %s"
% (volname, ",".join(auth_dict["all"])))
# Execute auth.allow setting on server.
ret, _, _ = g.run(server, auth_cmd)
if (not ret) and (verify_auth_allow(volname, server, auth_dict)):
g.log.info("Authentication set and verified successfully.")
return True
return False
def verify_auth_allow(volname, server, auth_dict):
"""
Verify authentication for volumes or sub directories as required
Args:
volname(str): The name of volume in which auth
has to be set
server(str): IP or hostname of one node
auth_dict(dict): key-value pair of dirs and clients list
Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
'/d3/subd1':['10.70.37.172','10.70.37.197']}
If authentication has to set on entire volume, use 'all' as key.
auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
'all' refers to entire volume
Returns (bool):
True if the verification is success.
"""
auth_details = []
if not auth_dict:
g.log.error("Authentication details are not provided")
return False
# Get the value of auth.allow option of the volume
auth_clients_dict = get_volume_options(server, volname, "auth.allow")
auth_clients = auth_clients_dict['auth.allow']
# When authentication has to be verified on entire volume(not on sub-dirs)
# check whether the required clients names are listed in auth.allow option
if 'all' in auth_dict:
clients_list = auth_clients.split(',')
res = all(elem in clients_list for elem in auth_dict['all'])
if not res:
g.log.error("Authentication verification failed. auth.allow: %s",
auth_clients)
return False
g.log.info("Authentication verified successfully. auth.allow: %s",
auth_clients)
return True
# When authentication has to be verified on on sub-dirs, convert the key-
# value pair to a format which matches the value of auth.allow option.
for key, value in auth_dict.iteritems():
auth_details.append("%s(%s)" % (key, "|".join(value)))
# Check whether the required clients names are listed in auth.allow option
for auth_detail in auth_details:
if auth_detail not in auth_clients:
g.log.error("Authentication verification failed. auth.allow: %s",
auth_clients)
return False
g.log.info("Authentication verified successfully. auth.allow: %s",
auth_clients)
return True
|